Difference between revisions of "Authentication and security"
Line 1: | Line 1: | ||
+ | <span data-link_translate_fr_title="Authentification et sécurité" data-link_translate_fr_url="Authentification_et_s%C3%A9curit%C3%A9"></span><br />[[:fr:Authentification et sécurité]][[fr:Authentification et sécurité]]<br /> | ||
+ | |||
This article has been created by an automatic translation software. You can view the article source [[:fr:Authentification et sécurité|here]].<br /> | This article has been created by an automatic translation software. You can view the article source [[:fr:Authentification et sécurité|here]].<br /> | ||
Revision as of 17:50, 22 September 2015
This article has been created by an automatic translation software. You can view the article source here.
Introduction
How do you authenticate to the Ikoula API, and what are its security policies?
Explanations
For obvious security reasons, the Ikoula API requires authentication. It is based on a username, a password and a signature:
- The username is the email address used to log in to your Ikoula account or extranet. The name of the parameter to pass is always login.
- The password can either be provided in plaintext (parameter password), or be encrypted via a specific function using a public key provided by Ikoula and then passed through base64_encode (parameter crypted_password).
- The signature is generated based on the parameters supplied when calling the API (see the signature generation procedure ==> The signature generation)
These parameters must always be passed to the API via GET!
ATTENTION:
Passing the password in plaintext is offered to make it easier to get started with the API and for debugging. For your API tests, you can for example use a temporary user dedicated to these tests and authenticate with the plaintext password (see the wiki for the creation of a sub-user: https://support.ikoula.com/index-1-2-2835.html).
Encrypting the password with the Ikoula public key is essential in any production or non-short-term context.
If the API calls are intended to be made by a script or a program, we recommend creating a user dedicated to this purpose instead of using your regular extranet user.
Two options are available to you:
- Contact our support for the creation of an extranet user
- Create a sub-user directly from the homepage of your extranet account (see the wiki for the creation of a sub-user: https://support.ikoula.com/index-1-2-2835.html), taking particular care not to forget to give it rights on the desired services.
The public key for the password encryption is available at the following address:
https://api.ikoula.com/downloads/Ikoula.API.RSAKeyPub.pem
Examples
For this example, the login will be "ikoulasupport".
To encrypt the password, here is an example of a function using the Ikoula public key:
<?php
// Local path to the public key downloaded from https://api.ikoula.com/downloads/Ikoula.API.RSAKeyPub.pem
define('API_PUB_KEY_PATH', dirname(__FILE__) . '/Ikoula.API.RSAKeyPub.pem');

// Encrypts the password with the Ikoula public key
function opensslEncryptPublic($password)
{
    // Check that the public key file is present
    if (file_exists(API_PUB_KEY_PATH))
    {
        if (!empty($password))
        {
            // Load the public key
            $publicKey = openssl_pkey_get_public('file://' . realpath(API_PUB_KEY_PATH));
            // Continue only if the public key was loaded without error
            if ($publicKey !== FALSE)
            {
                // If the public-key encryption succeeded
                // (openssl_public_encrypt() uses OPENSSL_PKCS1_PADDING by default)
                if (openssl_public_encrypt($password, $crypted, $publicKey) === TRUE)
                {
                    // Return the encrypted password (raw binary, not yet base64-encoded)
                    return $crypted;
                }
                else
                {
                    return NULL;
                }
            }
            else
                return NULL;
        }
        else
            return NULL;
    }
    else
    {
        echo("Erreur la clée public n'est pas présente.\n");
        return NULL;
    }
}

// Using the encryption function
$password_crypt = opensslEncryptPublic("Mot de passe non crypté");
if ($password_crypt !== NULL)
    echo "OK Mot de passe crypté: " . $password_crypt;
else
    echo "Erreur lors du cryptage du mot de passe.";

// ==> $password_crypt now contains the encrypted password
Conclusion
Once the password has been encrypted and the signature generated, the API call can be made with the following parameters (following the example above):
- login = ikoulasupport
- crypted_password = base64_encode($password_crypt)
- signature = signature generated (see the signature generation procedure ==> The signature generation)
NB: Do not forget to url_encode each parameter passed!
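Why the URL-encoding step matters, shown as an added example that is not part of the original article and is not Ikoula's code: base64 output contains `+`, `/` and `=`, and a raw `+` in a query string is decoded as a space, which corrupts the ciphertext. The script generates a throwaway RSA key pair in place of the Ikoula public key so it runs offline; the function names, the test password and `SIGNATURE_PLACEHOLDER` are assumptions.

```php
<?php
// Added example, not Ikoula's code. A throwaway key pair stands in for
// Ikoula.API.RSAKeyPub.pem so the script runs offline; all values are constructed.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($pair === false) {
    exit('openssl_pkey_new failed: ' . openssl_error_string() . "\n");
}
$publicPem = openssl_pkey_get_details($pair)['key'];

// Encrypt, base64-encode, then url-encode: the order given in the conclusion.
function buildAuthQuery(string $login, string $password, string $publicPem, string $signature): string
{
    if (!openssl_public_encrypt($password, $crypted, $publicPem)) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    // http_build_query() url-encodes every value ('+' => %2B, '/' => %2F, '=' => %3D).
    return http_build_query([
        'login'            => $login,
        'crypted_password' => base64_encode($crypted),
        'signature'        => $signature, // placeholder, generated by a separate procedure
    ]);
}

// Stand-in for the receiving side: parse the query string and decrypt.
function recoverPassword(string $query, $privateKey): ?string
{
    parse_str($query, $params); // url-decodes, so a raw '+' becomes a space
    $raw = base64_decode($params['crypted_password'] ?? '', true);
    if ($raw === false || !openssl_private_decrypt($raw, $plain, $privateKey)) {
        return null;
    }
    return $plain;
}

$good = buildAuthQuery('ikoulasupport', 'constructed-test-password', $publicPem, 'SIGNATURE_PLACEHOLDER');
parse_str($good, $p);
// Same parameters concatenated by hand, without url-encoding.
$bad = 'login=ikoulasupport&crypted_password=' . $p['crypted_password'] . '&signature=SIGNATURE_PLACEHOLDER';

printf("base64 contains '+': %s\n", strpos($p['crypted_password'], '+') !== false ? 'yes' : 'no');
printf("url-encoded query round-trips: %s\n", recoverPassword($good, $pair) !== null ? 'yes' : 'no');
printf("hand-built query round-trips:  %s\n", recoverPassword($bad, $pair) !== null ? 'yes' : 'no');
```

The hand-built query only round-trips on the rare run where the base64 text happens to contain no `+`, which is why the failure can look intermittent in testing.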